NetBSD-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Using LDAP for auth against LINUX

Hello all and a happy new year,

I'm in the process of changing our infrastructure from NIS to LDAP. In the past
NIS was hosted on a AlphaServer 1200 with Tru64UNIX that acted as an file
server. Since the storage is going to be exhausted and buying more hard disks
was not an option it was planned to buy a new server with plenty of storage.

The new server has arrived and got SuSE Linux Enterprise Server 10 installed
(there was no option to choose an other OS :-( . It will serve Windows Clients
(NT, W2k, XP, ..) via Samba and Unix-Systems (Tru64, NetBSD, Linux, ..) via NFS.
Samba is configured as a PDC. Users are kept in LDAP so that password
syncronisation can easily be achieved. This setup works as expected.

Now, I have to adapt all the other systems to the new infrastructure. The most
urgend task is to switch the mail server to the new setup. The mail server is a
AlphaStation 255/300 with NetBSD-3.0.

$ > uname -a
NetBSD host 3.0 NetBSD 3.0 (GENERIC) #0

Since the change is in progress this server uses the old NIS databases to auth
users. But in the near future I have to switch to LDAP. The old NIS databases
are to be switched off.

So I installed the missing bits for LDAP, namely


LDAP was configured with


The entries i added are
  BASE       dc=some,dc=domain,dc=org
  URI        ldap://ldap.server
  TLS_CACERT /path/to/cert.pem

Using ldapsearch I can perfectly query the LDAP database and get the user 

After verify the LDAP setup working ok I went ahead with configuring NSS and
PAM. This is where I'm now and stuck, since I can't get that to work as 

In order not to break the current setup I left NIS as is (there shouldn't be any
problem using both NIS and LDAP, however). The was linked from
/usr/pkg/lib/security to /usr/lib/security. To get the configuration working I
used the HowTo from
nsswitch.conf got the ldap entries added

group:          files nis ldap
passwd:         files nis ldap

and /etc/pam.d/system was populated with ldap entries

auth      sufficient
auth      sufficient     no_warn try_first_pass
auth      required     no_warn try_first_pass nullok
account   sufficient
account   required
account   required
session   sufficient
session   required  no_fail no_nested
password  sufficient
password  sufficient     no_warn try_first_pass
password  required     no_warn try_first_pass

I created /usr/pkg/etc/nss_ldap.conf and sym linked pam_ldap.conf to this file.

I do have a user entry in LDAP that does not exist in NIS. But whatever I try I
can't get getent(1) to produce output for this user (although NIS works ok for
other users).

Up to now I haven't made any step further.

What am I missing? Please feel free to ask for config data I have not provided
in this mail. I think LDAP isn't the problem since ldapsearch produces correct
output, though.

Any hints are very much appreciated.



Uwe Lienig
fon: (+49 351) 462 2780
fax: (+49 351) 462 3476

Forschungsinstitut Fahrzeugtechnik
parcels: Gutzkowstr. 22, 01069 Dresden
letters: PF 12 07 01,    01008 Dresden

Hochschule für Technik und Wirtschaft Dresden (FH)
Friedrich-List-Platz 1, 01069 Dresden

Home | Main Index | Thread Index | Old Index